Bank of England “fends off” eight cyber attacks per week, says CISO

The Bank of England weathers an average of eight cyber attacks per week, including malware-laced “spear phishing” campaigns, according to Chief Information Security Officer Don Randall, as reported by Computer World.

Speaking at the Institute of Risk Management’s Cyber Risk 2014 summit, Randall, who previously headed the City of London police with specific responsibilities relating to fraud and counter-terrorism, said that the bank faced eight “incidents” per week on average.

He said, “To date, none of these have caused major harm,” but that cybercriminals “were definitely looking.”

Randall said that, for a central bank, the Bank of England is relatively small in terms of employees, numbering around 4,000 workers, according to CW UK’s report. He said that retail banks may face even more attacks from organised criminal gangs.

“I am not really troubled about serious organised crime at the Bank of England,” Randall said, according to Computer World’s report. “If I was one of the banks I would be more so. I am more worried about state actors, and hacktivists, or someone who is just fed up with the Bank of England.”

Randall said that institutions such as banks needed to do more to share information between themselves. Earlier in the week, the Bank of England unveiled a new framework for financial institutions to share information with government and independent security experts, as reported by We Live Security.

The new intelligence-sharing network, CBEST, aims to protect financial institutions by sharing information between government, security firms and financial institutions to “predict” vulnerabilities, according to a report by Information Age.

The move, announced by the Bank of England in a statement and launched by its Executive Director for Resolution, Andrew Gracie, in a speech to the British Bankers’ Association, aims to bring together intelligence from government agencies, security firms and financial institutions.

The organization will use this intelligence to mimic the tactics used by cyber criminals, and work out which firms are vulnerable.

At 8 a week I would imagine these are incidents that warrant/require cleanup. If not, I think taking a closer look at their visibility capabilities because that number sounds more in line with per-user to me.